Attribute-Based Encryption (ABE) schemes use attribute strings directly in the cryptographic operations used to protect data. A user constructs a data protection policy combining threshold gates with attribute strings. The semantics of a threshold gate in this context are that the encryptor specifies n attributes and a threshold value k in the interval [1,n], and a decryptor must possess at least k of the specified attributes. Such threshold gates may be combined to express complex policies. As a special case, the Boolean operators AND (an n out of n threshold gate) and OR (a 1 out of n threshold gate) may be employed. More particularly, in an attribute-based encryption scheme, a decryption key for the user is created from random information specific to the user, the user's attribute information, and system instance data. Examples of attributes may include a user's name, e-mail address, organizational duties, status, etc.
An example of a protection policy expression may be “‘Manager’ OR ‘Engineer’”. This states that users possessing either the Manager attribute or the Engineer attribute should be allowed to decrypt the resultant ciphertext. The decryption key granted to a user contains parameters that directly utilize these attribute strings. The ability of a user to decrypt ciphertext is based on the set of attributes assigned to them and the protection policy assigned to the data. Also, while multiple people may have the key to decrypt the corresponding ciphertext, each user's key is associated with that user. For example, even though Alice and Bob have been assigned the Manager attribute and they may both decrypt data for Managers, Alice's ‘Manager’ key will be different from Bob's ‘Manager’ key. One of the benefits of this type of scheme is that users can protect data based on the desired qualifications of the intended recipients with minimal pre-setup.
A system employing such a scheme needs to support use cases where an attribute is revoked for a user and should no longer be used in the protection of new data. A typical case where this becomes necessary is when a user was previously authorized for an attribute but no longer qualifies for it: the user may leave the company, change departments, be reassigned to a different project, etc. There needs to be some provision for continuing the intent of the attribute without compromising future data. For example, an organization still wants to use the ‘Legal Department’ qualification to encrypt data but needs to address the fact that users who were once in the Legal Department are no longer in that department. Therefore, a need exists for a method and apparatus for key revocation in an attribute-based encryption scheme that allows an attribute to still be utilized while still adequately protecting data.
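The following is an added, constructed example, not code from the patent and not its claimed method. It models only the access structure of the preceding paragraphs (which attribute sets satisfy a policy built from k-of-n threshold gates, with AND and OR as the n-of-n and 1-of-n special cases), not the pairing arithmetic of a real ABE scheme. It then simulates the revocation problem in the paragraph above by versioning the attribute string, so that ‘Legal Department’ keeps being used while a key issued before revocation no longer satisfies policies over the new version. All names (`Threshold`, `AND`, `OR`, `satisfies`, `AttributeAuthority`, the `#vN` suffix) are hypothetical.

```python
"""Threshold-gate policy evaluation plus a versioned-attribute revocation model.

Added example, not the patent's scheme: it evaluates the access structure
only (no cryptography) and every name below is hypothetical.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple, Union

Node = Union[str, "Threshold"]          # a leaf attribute string or a nested gate


@dataclass(frozen=True)
class Threshold:
    """A k-out-of-n gate over attribute strings or nested gates."""
    k: int
    children: Tuple[Node, ...]

    def __post_init__(self) -> None:
        n = len(self.children)
        if not 1 <= self.k <= n:        # k must lie in the interval [1, n]
            raise ValueError(f"k={self.k} must lie in [1, {n}]")


def AND(*children: Node) -> Threshold:
    return Threshold(len(children), tuple(children))   # n out of n


def OR(*children: Node) -> Threshold:
    return Threshold(1, tuple(children))               # 1 out of n


def satisfies(policy: Node, attrs: FrozenSet[str]) -> bool:
    """True iff the attribute set meets the threshold at every gate it needs."""
    if isinstance(policy, str):
        return policy in attrs
    hits = sum(1 for child in policy.children if satisfies(child, attrs))
    return hits >= policy.k


class AttributeAuthority:
    """Hypothetical authority that tags each attribute with a version number.

    A key already handed to a user cannot be recalled, so revocation is
    modelled by bumping the attribute's version: new policies name the new
    version, un-reissued keys only carry the old one, and data protected
    before the revocation stays readable by the keys that could read it then.
    """

    def __init__(self) -> None:
        self.version: Dict[str, int] = {}
        self.keys: Dict[str, Set[str]] = {}     # user -> versioned attribute strings

    def _tag(self, attr: str) -> str:
        return f"{attr}#v{self.version.setdefault(attr, 1)}"

    def issue(self, user: str, *attrs: str) -> None:
        """Add the current version of each attribute to the user's key."""
        self.keys.setdefault(user, set()).update(self._tag(a) for a in attrs)

    def revoke(self, attr: str) -> None:
        """Retire the current version; every remaining holder must be re-issued."""
        self.version[attr] = self.version.get(attr, 1) + 1

    def current_policy(self, attr: str) -> str:
        """The attribute string an encryptor would put into a new policy."""
        return self._tag(attr)

    def can_decrypt(self, user: str, policy: Node) -> bool:
        return satisfies(policy, frozenset(self.keys.get(user, set())))


def revocation_scenario() -> Dict[str, bool]:
    """Alice leaves Legal; Carol stays and is re-issued. Constructed data."""
    auth = AttributeAuthority()
    auth.issue("alice", "Legal Department")
    auth.issue("carol", "Legal Department")
    old_policy = auth.current_policy("Legal Department")   # 'Legal Department#v1'

    auth.revoke("Legal Department")
    auth.issue("carol", "Legal Department")                # re-issue remaining member
    new_policy = auth.current_policy("Legal Department")   # 'Legal Department#v2'

    return {
        "alice_old": auth.can_decrypt("alice", old_policy),  # True: past data unaffected
        "alice_new": auth.can_decrypt("alice", new_policy),  # False: future data protected
        "carol_old": auth.can_decrypt("carol", old_policy),  # True
        "carol_new": auth.can_decrypt("carol", new_policy),  # True
    }


if __name__ == "__main__":
    policy = AND("Manager", OR("Legal Department", "Engineer"))
    print(satisfies(policy, frozenset({"Manager", "Engineer"})))   # True
    print(revocation_scenario())
```

The design cost is visible in `revoke`: bumping the version invalidates the attribute for every holder, so each remaining member needs a re-issued key component, and the per-user randomness in their keys (Alice's ‘Manager’ key differing from Bob's) is what a real scheme relies on to stop re-issued components from being combined across users.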
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions and/or relative positioning of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of various embodiments of the present invention. Also, common but well-understood elements that are useful or necessary in a commercially feasible embodiment are often not depicted in order to facilitate a less obstructed view of these various embodiments of the present invention. It will further be appreciated that certain actions and/or steps may be described or depicted in a particular order of occurrence while those skilled in the art will understand that such specificity with respect to sequence is not actually required. Those skilled in the art will further recognize that references to specific implementation embodiments such as “circuitry” may equally be accomplished via replacement with software instruction executions either on general purpose computing apparatus (e.g., CPU) or specialized processing apparatus (e.g., DSP). It will also be understood that the terms and expressions used herein have the ordinary technical meaning as is accorded to such terms and expressions by persons skilled in the technical field as set forth above except where different specific meanings have otherwise been set forth herein.